@forwardimpact/libmacos - npm Package Compare versions

Comparing version 0.1.2 to 0.1.3

package.json

 {
   "name": "@forwardimpact/libmacos",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "macOS bundle assembly, code signing, and OS permission helpers — desktop delivery without platform ceremony.",
@@ -34,2 +34,5 @@ "keywords": [
   },
+  "dependencies": {
+    "@forwardimpact/libutil": "^0.1.60"
+  },
   "devDependencies": {
@@ -36,0 +39,0 @@ "@forwardimpact/libmock": "^0.1.0"

src/posix-spawn.js

@@ -9,6 +9,8 @@ // @ts-check
 import { dlopen, ptr } from "bun:ffi";
-import { openSync, closeSync, readFileSync, unlinkSync } from "node:fs";
+import { randomUUID } from "node:crypto";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 
+import { createDefaultRuntime } from "@forwardimpact/libutil/runtime";
+
 // responsibility_spawnattrs_setdisclaim makes the spawned child disclaim
@@ -100,7 +102,9 @@ // TCC "responsible process" status, so macOS checks the parent's responsible
  * @param {string} filePath
+ * @param {object} [runtime] - Runtime collaborator bag
  * @returns {string}
  */
-export function readOutput(filePath) {
+export function readOutput(filePath, runtime = createDefaultRuntime()) {
+  const { fsSync } = runtime;
   try {
-    return readFileSync(filePath, "utf-8");
+    return fsSync.readFileSync(filePath, "utf-8");
   } catch {
@@ -110,3 +114,3 @@ return "";
     try {
-      unlinkSync(filePath);
+      fsSync.unlinkSync(filePath);
     } catch {
@@ -129,7 +133,15 @@ // temp file may already be gone
  * @param {string} [cwd] - Working directory for the child process
+ * @param {object} [runtime] - Runtime collaborator bag
  * @returns {{ pid: number, stdoutFile: string, stderrFile: string }}
  */
-export function spawn(executable, args, env, cwd) {
+export function spawn(
+  executable,
+  args,
+  env,
+  cwd,
+  runtime = createDefaultRuntime(),
+) {
+  const { proc, clock, fsSync } = runtime;
   const argv = buildStringArray([executable, ...args]);
-  const envObj = env ?? { ...process.env };
+  const envObj = env ?? { ...proc.env };
   const envStrings = Object.entries(envObj)
@@ -140,8 +152,11 @@ .filter(([, v]) => typeof v === "string")
 
-  // Capture stdout/stderr via temp files instead of pipes.
-  const tag = `outpost-${process.pid}-${Date.now()}`;
+  // Capture stdout/stderr via temp files instead of pipes. The tag must be
+  // unique across concurrent spawns; `runtime.proc` exposes no pid, so a
+  // random UUID replaces the former `${pid}-${Date.now()}` scheme (clock.now()
+  // alone is not unique within a millisecond).
+  const tag = `outpost-${clock.now()}-${randomUUID()}`;
   const stdoutFile = join(tmpdir(), `${tag}-stdout`);
   const stderrFile = join(tmpdir(), `${tag}-stderr`);
-  const stdoutFd = openSync(stdoutFile, "w", 0o600);
-  const stderrFd = openSync(stderrFile, "w", 0o600);
+  const stdoutFd = fsSync.openSync(stdoutFile, "w", 0o600);
+  const stderrFd = fsSync.openSync(stderrFile, "w", 0o600);
 
@@ -183,4 +198,4 @@ // Allocate attr and file_actions on the heap
   // Close file fds in the parent (child has its own copies)
-  closeSync(stdoutFd);
-  closeSync(stderrFd);
+  fsSync.closeSync(stdoutFd);
+  fsSync.closeSync(stderrFd);
 
@@ -192,3 +207,3 @@ libc.symbols.posix_spawnattr_destroy(attr);
     try {
-      unlinkSync(stdoutFile);
+      fsSync.unlinkSync(stdoutFile);
     } catch {
@@ -198,3 +213,3 @@ // cleanup best-effort
     try {
-      unlinkSync(stderrFile);
+      fsSync.unlinkSync(stderrFile);
     } catch {
@@ -214,5 +229,11 @@ // cleanup best-effort
  * @param {number} [pollIntervalMs=100] - Polling interval in milliseconds
+ * @param {object} [runtime] - Runtime collaborator bag
  * @returns {Promise<number>} Exit status
  */
-export async function waitForExit(pid, pollIntervalMs = 100) {
+export async function waitForExit(
+  pid,
+  pollIntervalMs = 100,
+  runtime = createDefaultRuntime(),
+) {
+  const { clock } = runtime;
   const status = new Int32Array(1);
@@ -226,4 +247,4 @@ while (true) {
     // Child not yet exited — yield to event loop
-    await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
+    await clock.sleep(pollIntervalMs);
   }
 }

New alerts

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

28648

2.65%

Lines of code

247

8.81%

Number of low supply chain risk alerts

1

-50%

Worsened metrics

Dependency count

1

Infinity%

Dependency changes

• + Added

  @forwardimpact/libutil@^0.1.60

• + Added

  @aws-crypto/crc32@5.2.0
  (transitive)

• + Added

  @aws-crypto/crc32c@5.2.0
  (transitive)

• + Added

  @aws-crypto/sha1-browser@5.2.0
  (transitive)

• + Added

  @aws-crypto/sha256-browser@5.2.0
  (transitive)

• + Added

  @aws-crypto/sha256-js@5.2.0
  (transitive)

• + Added

  @aws-crypto/supports-web-crypto@5.2.0
  (transitive)

• + Added

  @aws-crypto/util@5.2.0
  (transitive)

• + Added

  @aws-sdk/checksums@3.1000.1
  (transitive)

• + Added

  @aws-sdk/client-cognito-identity@3.1062.0
  (transitive)

• + Added

  @aws-sdk/client-s3@3.1062.0
  (transitive)

• + Added

  @aws-sdk/core@3.974.17
  (transitive)

• + Added

  @aws-sdk/credential-provider-cognito-identity@3.972.41
  (transitive)

• + Added

  @aws-sdk/credential-provider-env@3.972.43
  (transitive)

• + Added

  @aws-sdk/credential-provider-http@3.972.45
  (transitive)

• + Added

  @aws-sdk/credential-provider-ini@3.972.49
  (transitive)

• + Added

  @aws-sdk/credential-provider-login@3.972.48
  (transitive)

• + Added

  @aws-sdk/credential-provider-node@3.972.51
  (transitive)

• + Added

  @aws-sdk/credential-provider-process@3.972.43
  (transitive)

• + Added

  @aws-sdk/credential-provider-sso@3.972.48
  (transitive)

• + Added

  @aws-sdk/credential-provider-web-identity@3.972.48
  (transitive)

• + Added

  @aws-sdk/credential-providers@3.1062.0
  (transitive)

• + Added

  @aws-sdk/middleware-flexible-checksums@3.974.26
  (transitive)

• + Added

  @aws-sdk/middleware-sdk-s3@3.972.47
  (transitive)

• + Added

  @aws-sdk/nested-clients@3.997.16
  (transitive)

• + Added

  @aws-sdk/signature-v4-multi-region@3.996.31
  (transitive)

• + Added

  @aws-sdk/token-providers@3.1062.0
  (transitive)

• + Added

  @aws-sdk/types@3.973.10
  (transitive)

• + Added

  @aws-sdk/util-locate-window@3.965.5
  (transitive)

• + Added

  @aws-sdk/xml-builder@3.972.27
  (transitive)

• + Added

  @aws/lambda-invoke-store@0.2.4
  (transitive)

• + Added

  @colors/colors@1.5.0
  (transitive)

• + Added

  @forwardimpact/libcli@0.1.14
  (transitive)

• + Added

  @forwardimpact/libconfig@0.1.83
  (transitive)

• + Added

  @forwardimpact/libformat@0.1.18
  (transitive)

• + Added

  @forwardimpact/libindex@0.1.42
  (transitive)

• + Added

  @forwardimpact/libpreflight@0.1.2
  (transitive)

• + Added

  @forwardimpact/librepl@0.1.14
  (transitive)

• + Added

  @forwardimpact/libsecret@0.1.18
  (transitive)

• + Added

  @forwardimpact/libstorage@0.1.85
  (transitive)

• + Added

  @forwardimpact/libtelemetry@0.1.46
  (transitive)

• + Added

  @forwardimpact/libtype@0.1.78
  (transitive)

• + Added

  @forwardimpact/libutil@0.1.89
  (transitive)

• + Added

  @nodable/entities@2.1.1
  (transitive)

• + Added

  @protobufjs/aspromise@1.1.2
  (transitive)

• + Added

  @protobufjs/base64@1.1.2
  (transitive)

• + Added

  @protobufjs/codegen@2.0.5
  (transitive)

• + Added

  @protobufjs/eventemitter@1.1.1
  (transitive)

• + Added

  @protobufjs/fetch@1.1.1
  (transitive)

• + Added

  @protobufjs/float@1.0.2
  (transitive)

• + Added

  @protobufjs/inquire@1.1.2
  (transitive)

• + Added

  @protobufjs/path@1.1.2
  (transitive)

• + Added

  @protobufjs/pool@1.1.0
  (transitive)

• + Added

  @protobufjs/utf8@1.1.1
  (transitive)

• + Added

  @sindresorhus/is@4.6.0
  (transitive)

• + Added

  @smithy/core@3.24.6
  (transitive)

• + Added

  @smithy/credential-provider-imds@4.3.8
  (transitive)

• + Added

  @smithy/fetch-http-handler@5.4.6
  (transitive)

• + Added

  @smithy/is-array-buffer@2.2.0
  (transitive)

• + Added

  @smithy/node-http-handler@4.7.7
  (transitive)

• + Added

  @smithy/signature-v4@5.4.6
  (transitive)

• + Added

  @smithy/types@4.14.3
  (transitive)

• + Added

  @smithy/util-buffer-from@2.2.0
  (transitive)

• + Added

  @smithy/util-utf8@2.3.0
  (transitive)

• + Added

  @types/node@25.9.1
  (transitive)

• + Added

  ansi-escapes@7.3.0
  (transitive)

• + Added

  ansi-regex@5.0.16.2.2
  (transitive)

• + Added

  ansi-styles@4.3.0
  (transitive)

• + Added

  any-promise@1.3.0
  (transitive)

• + Added

  bowser@2.14.1
  (transitive)

• + Added

  chalk@4.1.25.6.2
  (transitive)

• + Added

  char-regex@1.0.2
  (transitive)

• + Added

  cli-highlight@2.1.11
  (transitive)

• + Added

  cli-table3@0.6.5
  (transitive)

• + Added

  cliui@7.0.4
  (transitive)

• + Added

  color-convert@2.0.1
  (transitive)

• + Added

  color-name@1.1.4
  (transitive)

• + Added

  dayjs@1.11.21
  (transitive)

• + Added

  deepmerge@4.3.1
  (transitive)

• + Added

  dom-serializer@2.0.0
  (transitive)

• + Added

  domelementtype@2.3.0
  (transitive)

• + Added

  domhandler@5.0.3
  (transitive)

• + Added

  domutils@3.2.2
  (transitive)

• + Added

  emoji-regex@8.0.0
  (transitive)

• + Added

  emojilib@2.4.0
  (transitive)

• + Added

  entities@4.5.07.0.1
  (transitive)

• + Added

  environment@1.1.0
  (transitive)

• + Added

  escalade@3.2.0
  (transitive)

• + Added

  escape-string-regexp@4.0.0
  (transitive)

• + Added

  fast-xml-builder@1.2.0
  (transitive)

• + Added

  fast-xml-parser@5.7.3
  (transitive)

• + Added

  get-caller-file@2.0.5
  (transitive)

• + Added

  has-flag@4.0.0
  (transitive)

• + Added

  highlight.js@10.7.3
  (transitive)

• + Added

  htmlparser2@10.1.0
  (transitive)

• + Added

  is-fullwidth-code-point@3.0.0
  (transitive)

• + Added

  is-plain-object@5.0.0
  (transitive)

• + Added

  jmespath@0.16.0
  (transitive)

• + Added

  launder@1.7.1
  (transitive)

• + Added

  long@5.3.2
  (transitive)

• + Added

  marked@15.0.1218.0.5
  (transitive)

• + Added

  marked-terminal@7.3.0
  (transitive)

• + Added

  mz@2.7.0
  (transitive)

• + Added

  nanoid@3.3.12
  (transitive)

• + Added

  node-emoji@2.2.0
  (transitive)

• + Added

  object-assign@4.1.1
  (transitive)

• + Added

  parse-srcset@1.0.2
  (transitive)

• + Added

  parse5@5.1.16.0.1
  (transitive)

• + Added

  parse5-htmlparser2-tree-adapter@6.0.1
  (transitive)

• + Added

  path-expression-matcher@1.5.0
  (transitive)

• + Added

  picocolors@1.1.1
  (transitive)

• + Added

  postcss@8.5.15
  (transitive)

• + Added

  protobufjs@7.6.2
  (transitive)

• + Added

  require-directory@2.1.1
  (transitive)

• + Added

  sanitize-html@2.17.4
  (transitive)

• + Added

  skin-tone@2.0.0
  (transitive)

• + Added

  source-map-js@1.2.1
  (transitive)

• + Added

  string-width@4.2.3
  (transitive)

• + Added

  strip-ansi@6.0.1
  (transitive)

• + Added

  strnum@2.3.0
  (transitive)

• + Added

  supports-color@7.2.0
  (transitive)

• + Added

  supports-hyperlinks@3.2.0
  (transitive)

• + Added

  thenify@3.3.1
  (transitive)

• + Added

  thenify-all@1.6.0
  (transitive)

• + Added

  tslib@2.8.1
  (transitive)

• + Added

  undici-types@7.24.6
  (transitive)

• + Added

  unicode-emoji-modifier-base@1.0.0
  (transitive)

• + Added

  wrap-ansi@7.0.0
  (transitive)

• + Added

  xml-naming@0.1.0
  (transitive)

• + Added

  y18n@5.0.8
  (transitive)

• + Added

  yargs@16.2.0
  (transitive)

• + Added

  yargs-parser@20.2.9
  (transitive)